Securing U.S. Elections Against Cyber Threats
Considerations for Supply Chain Risk Management
Expert InsightsPublished Sep 22, 2020
Considerations for Supply Chain Risk Management
Expert InsightsPublished Sep 22, 2020
The cybersecurity of election systems has long been a central focus of election officials and the federal government, starting with the passage of the Help America Vote Act in 2002 and, more recently, in 2017 with the designation of elections as a critical infrastructure subsector. Federal partners in the Cybersecurity and Infrastructure Security Agency, the U.S. Election Assistance Commission, and the National Institute of Standards and Technology are supporting the election community, including election officials and vendors, to improve cybersecurity. More recently, this focus has expanded to concerns about the supply chain of components that are integral to election system equipment. This concern for the cybersecurity of supply chains is found throughout industry as organizations strive to protect their equipment and customers from cyber threats.
In this Perspective, RAND Corporation researchers lay out the considerations for securing election system supply chains against cyber threats and how the federal government can partner with state and local officials and the vendor community to understand where risk lies in the supply chain. The Perspective discusses how existing tools and approaches can be adapted and used to facilitate cyber supply chain risk management. It should be of interest to federal, state, and local election officials who will manage their relationships with the manufacturers of election equipment; to manufacturers that will, in turn, manage their relationships with their suppliers; and to those developing tools for mapping supply chains and assessing supply chain risk.
This research was conducted within the Strategy, Policy and Operations Program of the RAND Homeland Security Research Division.
This publication is part of the RAND expert insights series. The expert insights series presents perspectives on timely policy issues.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.